スライド 1 - ICANN
Download
Report
Transcript スライド 1 - ICANN
Root Server System Advisory
Committee
Jun Murai, Chair of RSSAC
ICANN Public meeting
June 28, 2002
Bucharest, RO
DNS Tree
Root Name Servers
TLD Name Servers
… ac
kyoto-u
…
wide
・
ro … com
jp
ad
root
(dot)
co
nic …
ad.jp domain
org
or
… janog
jp domain
Semantics of TLDs
Which TLD should be added/deleted?
Who owns/operates that specific TLD?
ICANN/IANA
Who and Where are the
(new) root servers?
1. Update the database
2. Share the database among the distributed
root servers
3. Make it available to everyone
IANA/Root Server Operators
List of the Root Servers
name
a
b
c
d
e
f
g
h
i
j
k
l
m
org
Verisign
USC/ISI
PSInet
UMD
NASA
ISC
DISA
ARL
NORDUnet
(TBD)
RIPE
ICANN
WIDE
city
type
url
Herndon,VA, US
com http://www.internic.org
Marina del Rey,CA, US
e du http://www.isi.edu/
Herndon,VA, US
com http://www.psi.net/
College Park,MD, US edu http://www.umd.edu/
Mt View, CA, US
usg http://www.nasa.gov/
Palo Alto, CA, US com http://www.isc.org/
Vienna, VA, US
usg http://nic.mil/
Aberdeen, MD, US usg http://www.arl.mil/
Stockholm, SE
int http://www.nordu.net/
(colo w/ A)
() http://www.iana.org/
London, UK
int http://www.ripe.net/
Marina del Rey,CA, USorg http://www.icann.org/
Tokyo, JP
int http://www.wide.ad.jp/
The DNS Tree
●
TLDs
co
jp
uy
ROOT!
com
ac
org
icann
keio
med
sfc
net
The Past 12 Meetings
•
•
•
•
•
•
•
•
•
•
•
•
March 2, 1999 in Singapore (Apricot)
March 16, 1999 in Minneapolis (IETF)
June 21, 1999 in San Jose (INET99)
July 12, 1999 in OSLO (IETF)
November 9, 1999 in Washington D.C.(IETF)
March 27, 2000 In Adelaide (IETF)
August 1, 2000 In Pittsburgh(IETF)
December 13, 2000 In Dan Diego(IETF)
March 12, 2001 In Minneapolis(IETF)
August 5, 2001 In London(IETF)
December 9, 2001 In Salt Lake City(IETF)
March 17, 2002 In Minneapolis(IETF)
Panel: Root Name Servers
November 13, 2001
Paul Vixie (F)
Mark Kosters (A, J)
Lars-Johan Liman (I, Co-chair
IETF/DNSOPS)
Chair: Jun Murai (M, chair of RSSAC)
Root name servers:
distributed system
• Diversed variants of the Unix operating
system:
– 7 different hardware platforms
– 8 different operating systems (UNIX variants)
– from 5 different vendors.
• geographically distributed
• operate on local time (including GMT),
Zone file transfer (from Nov. Panel)
•
Master File Generation
–
–
–
Installed on staging machine
•
•
Pushed to Trusted interface
Before loading -Security checks performed
–
–
Serial number of SOA record
Feedback from provisioning if changes made to
Delegation
Hash of zone file
Gpg (pgp) signatures per file
File that contains md5sum signed
ftp://rs.internic.net/domains
ftp://ftp.crsnic.net/domains for those who
have accounts for com/net/org
Files pushed to distribution master and a.rootservers.net
•
•
–
–
•
Authenticity
Validity
Multiple machines used while changing zones
•
Security Elements
•
•
•
–
Database
Distribution mechanism
Backups stored at off-site locations
Humans look at differences
Look for key changes
•
•
–
–
–
Generated by Provisioning Database
Replicated to disaster recovery site
•
•
•
–
–
Zone Files pushed to ftp servers
Minimize downtime on a.root-servers.net or
j.root-servers.net
Message sent out to internal notification list
Slave side cheking
–
Using the DNS protocol
•
•
Logs checked
DNS queries
–
Out of band
•
•
–
Notify message
Refresh interval check
Pgp-signed email
Cronjob
Responsibility of each root operator to check
validity
Root Server System Advisory
Committee
Jun Murai, Chair of RSSAC
ICANN ccTLD meeting
June 25, 2002
Bucharest, RO
DNSsec
• Several workshops over the years.
– European – SE, NL, Ripe
– USA – Cairn & NANOG
– ASIA – Apricot 2001
• Workshops have all been in isolated
environments.
• key management, key creating, validation
periods need to be tested
IPv6
• Applications need DNS resolution.
• DNS servers have had forms of IPv6 DNS
support for 7 years.
• NO native IPv6 support has been available
until very recently.
• Generated: Proposal for IPv6 testbed on
Root Servers
• Four servers are in operation of testing
with isolated environment
• Community consensus on the process
IDN impact on root servers
• Result of the review
– Proposed technologies should not be any impact to root servers
• But need to be tested from a point of views of root
servrers
– Need to be informed about six month BEFORE ‘real’ operation
– Informed on any dceision would be appreciated.
• Concerns that a lot of the development is actually done
outside the IETF.
• Need consistency with architectural definition of the
global DNS in the IAB/IESG/IETF community
Root Operator ‘contract’
• Initial specifications: modified RFC 2870
– RSSAC review was done and modified on detailed
specification
• Commitment on measurement added
• Defining list of institutional contractual and legal
responsibility
– For finalizing the ‘contract’ process
• Discussions start including the people above
Root server (re)location decision
• Engineering criteria definition
– Operational requirements: done
• RFC2870
• Measurement and Analysis for existing root
name servers
• Approve of methods
• The methods above will be used for future
decision
• Joint research/program with CAIDA and others
The version number of bind
which are running in the Internet.
The number of DNS servers
categorized by BIND version. (as of
November
1999)
8.1.2
95863
8.2
23988
8.2.1
21158
4.9.7
20824
8.1.1
11968
4.9.6
7712
4.9.7-TB1
5808
8.1.2-TB2
5759
Others
7626
Summary
• Root DNS
– Zone administration
• ICANN/IANA/US-DOC
– Name server operation
• Root server operators
• Security and Stability
– DNSSEC/TSIG
– ICANN November Presentations
– ICANN DNSSAC
• CRADA report
– On editorial action
• Possible relocation(s)
– Measurement tasks on performance of root servers going on
– Recommendation on mechanisms
Important URLs
• ICANN RSSAC
– http://www.icann.org/committees/dns-root/
• Root Name Servers
– http://www.root-servers.org
• IANA
– http://www.iana.org
• RSSAC Y2K Statement
– http://www.icann.org/committees/dns-root/y2k-statement.htm
• IETF DNSOP
– http://www.ietf.org/html.charters/dnsop-charter.html
• CRADA
– http://www.icann.org/committees/dns-root/crada.htm
• CAIDA
– http://www.caida.org/tools/measurement/skitter/RSSAC/
• WIDE
– http://www.wide.ad.jp
Schedules
• The 13th meeting of RSSAC is Scheduled
– IETF/Yokohama (Monday, July 14)
• Expected agenda of the 13th meeting
–
–
–
–
–
Contractual process discussion
Documentation for Board and DOC finalizing
More on Monitor/Measurement
DNSSEC/TSIG deployment update
IPv6 experiments update
• Mailing list:
– [email protected]